
====================================================================

                                    CERT-Renater

                       Note d'Information No. 2016/VULN069
_____________________________________________________________________

DATE                : 22/02/2016

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running versions prior to 5.0.5, 5.1.0.

======================================================================
https://www.libreoffice.org/about-us/security/advisories/cve-2016-0795/
https://www.libreoffice.org/about-us/security/advisories/cve-2016-0794/
_____________________________________________________________________

CVE-2016-0795

Title: CVE-2016-0795 LotusWordPro Bounds overflows in LwpTocSuperLayout 
processing

Announced: February  17, 2016

Fixed in: LibreOffice 5.0.5/5.1.0

Description:

Parsing the LwpTocSuperLayout record was insufficiently checked for
validity. Documents can be constructed which cause memory corruption by
overflowing the LwpTocSuperLayout buffer..

All users are recommended to upgrade to LibreOffice >= 5.0.5 or >= 5.1.0

Thanks to the researchers working with VeriSign iDefense Labs for
discovering this flaw.

References:

      CVE-2016-0795

_____________________________________________________________________

CVE-2016-0794

Title: CVE-2016-0794 LotusWordPro Multiple bounds overflows in lwp
filter

Announced: February  17, 2016

Fixed in: LibreOffice 5.0.4/5.1.0

Description:

Multiple offsets in parsing lwp documents were insufficiently checked
for validity. Documents can be constructed which cause memory
corruption by overflowing various buffer bounds.

All users are recommended to upgrade to LibreOffice >= 5.0.4 or >= 5.1.0

Thanks to the researchers working with VeriSign iDefense Labs for
discovering this flaw.

References:

      CVE-2016-0794

==========================================================
Serveur de référence du CERT-Renater
https://services.renater.fr/ssi/
==========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41           +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================================================